Ed Minnix
5594e7f6d2
Add SensitiveGetQuery
2023-04-12 20:37:35 -04:00
Ed Minnix
478309c90b
Add UnsafeDeserializationRmi
2023-04-12 20:37:35 -04:00
Ed Minnix
e2cfea19b5
Add UnsafeUrlForward
2023-04-12 20:37:35 -04:00
Ed Minnix
d48adbd175
Refactor JsonpInjection
2023-04-12 20:37:35 -04:00
Ed Minnix
8cb5e78832
Refactor XXE files
2023-04-12 20:37:35 -04:00
Ed Minnix
4c80ff03de
Refactor UnvalidatedCors
2023-04-12 20:37:35 -04:00
Ed Minnix
d254d91f57
Refactor Injection queries
2023-04-12 20:37:35 -04:00
Ed Minnix
7002ed5303
Refactor InsecureRmiJmxEnvironmentConfiguration
2023-04-12 20:37:35 -04:00
Ed Minnix
6e4e1e52c0
Refactor NFEAndroidDoS
2023-04-12 20:37:35 -04:00
Ed Minnix
94768f425f
Refactor HashWithoutSalt
2023-04-12 20:37:35 -04:00
Ed Minnix
cb7391177d
Refactor MyBatis queries
2023-04-12 20:37:35 -04:00
Ed Minnix
d528c8461f
Refactor XQueryInjection.ql
2023-04-12 20:37:35 -04:00
Ed Minnix
e7cbd493d7
Refactor FilePathInjection
2023-04-12 20:37:35 -04:00
Ed Minnix
47c5db03ab
Refactor OpenStream.ql
2023-04-12 20:37:34 -04:00
Ed Minnix
5bd9aae072
Refactor Log4jJndiInjection.ql
2023-04-12 20:37:34 -04:00
Chris Smowton
7eefa43f5a
Rename and document viableArgParamSpecific to make clear it is a temporary hook.
2023-04-12 14:33:46 +01:00
Chris Smowton
4d8ca3d759
Add dataflow callback to filter out receiver argument flow to Golang interface dispatch candidates.
...
Other languages stub the callback.
2023-04-12 14:19:06 +01:00
github-actions[bot]
a55f5ed933
Add changed framework coverage reports
2023-04-12 00:15:16 +00:00
Jami
b7c7449b08
Merge pull request #12739 from jcogs33/jcogs33/add-one-more-top500-model
...
Java: add summary model for `UnsupportedOperationException(String)` constructor
2023-04-11 08:25:36 -04:00
Tony Torralba
075c0f94ac
Merge pull request #12785 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2023-04-11 11:34:37 +02:00
Tony Torralba
944bdfde45
Apply suggestions from code review
2023-04-11 09:47:47 +02:00
Stephan Brandauer
cb8506d51a
Update MaD Declarations after Triage
2023-04-11 09:25:39 +02:00
github-actions[bot]
bfdfa0b93e
Add changed framework coverage reports
2023-04-11 00:15:35 +00:00
Jami Cogswell
6a103f5070
Java: add change note
2023-04-06 10:22:03 -04:00
Jami Cogswell
c4f8a9a2eb
Java: update genVsMan query test case; resolve conflict
2023-04-06 10:21:53 -04:00
Jami Cogswell
01dd2647d4
Java: add test case for yml model
2023-04-06 10:19:33 -04:00
Jami Cogswell
6b695434b7
Java: add yml model for UnsupportedOperationException; resolve conflict
2023-04-06 10:19:19 -04:00
Jami Cogswell
8b0eba78aa
Java: add UnsupportedOperationException to topJdkApiName
2023-04-06 10:14:36 -04:00
Jami
c55c9f50c9
Merge pull request #12680 from jcogs33/jcogs33/metrics-query-refactor-top500
...
Java: test GeneratedVsManualCoverage query on top 500 JDK APIs
2023-04-06 10:07:35 -04:00
Tony Torralba
8686036346
Update java/ql/lib/change-notes/2023-03-31-new-models.md
2023-04-06 15:25:33 +02:00
Jami Cogswell
cc92936f6a
Java: rename stubs directory
2023-04-06 08:32:09 -04:00
Jami Cogswell
b534f40b26
Java: move TopJdkApis.qll to src directory
2023-04-06 08:23:22 -04:00
Tony Torralba
d58d6fe6be
Update java/ql/lib/ext/java.net.model.yml
2023-04-06 13:58:13 +02:00
Tony Torralba
cdb3d9ea5a
Apply suggestions from code review
2023-04-06 12:23:50 +02:00
Stephan Brandauer
18801b39c6
Update MaD Declarations after Triage
2023-04-06 12:23:50 +02:00
github-actions[bot]
a707772222
Add changed framework coverage reports
2023-04-06 00:15:35 +00:00
Tony Torralba
3f2840bb1b
Remove com.hippo models
2023-04-05 15:32:53 +02:00
Tony Torralba
bced2d692b
Apply suggestions from code review
2023-04-05 15:19:21 +02:00
Stephan Brandauer
f87618238f
Review suggestions
2023-04-05 15:15:03 +02:00
Stephan Brandauer
edf7ba09e7
try different change note name
2023-04-05 15:15:02 +02:00
Stephan Brandauer
0a5d19fc71
Update MaD Declarations after Triage
2023-04-05 15:15:02 +02:00
Jonathan Leitschuh
0d774a647c
Fix partial path traversal Java example Again
...
The original wouldn't compile, and the fix made by #11899 is sub-optimal.
This keeps the entire comparison using the Java `Path` object, which is optimal.
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
2023-03-31 23:36:07 -04:00
Jonathan Leitschuh
b9d409279b
Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalRemainder.inc.qhelp
...
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2023-03-31 23:36:07 -04:00
Jonathan Leitschuh
e641505361
Fix partial path traversal Java example Again
...
The original wouldn't compile, and the fix made by #11899 is sub-optimal.
This keeps the entire comparison using the Java `Path` object, which is optimal.
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
2023-03-31 23:36:07 -04:00
Jami Cogswell
0688fa6ed1
Java: update expected file for results without interface members
2023-03-31 18:02:09 -04:00
Jami Cogswell
c69745a6f8
Java: fix stubs
2023-03-31 18:02:09 -04:00
Jami Cogswell
266939840d
Java: update expected file with results that include interface members
2023-03-31 18:02:09 -04:00
Jami Cogswell
aca538310f
Java: update some qldocs
2023-03-31 18:02:09 -04:00
Jami Cogswell
8b18df0987
Java: update top jdk apis test case with stubs
2023-03-31 18:02:09 -04:00
Jami Cogswell
e0524a1177
Java: add test case for top jdk apis
2023-03-31 18:02:09 -04:00